The present invention generally relates to controlling access to a headless server, and more specifically, to a system and method for enabling secure access to a program of a headless server device.
The need to protect server- or computer-based systems from malicious activity such as eavesdropping, intruder modification and tampering is well known. The need is especially important for critical infrastructures that include computer-based systems, for example a three-phase power system, or electrical power grid, providing electrical power to end users and loads.
Many techniques have been developed in an attempt to establish secure and controlled access and/or communication with a server-based system. For example, U.S. Pat. No. 6,754,820 ('820 patent), entitled “Multiple Level Access System,” naming Scheidt et al. as inventors, discloses a technique for controlling access to computer-based systems. The technique utilizes both symmetric key algorithms (i.e., secret key cryptography) and asymmetric key algorithms (i.e., public key cryptography) with emphasis being placed on asymmetric encryption to establish a credential scheme. The credential is a key pair used for access control where the public key is referred to as the write key and the private key is referred to as a read key. Different credentials are associated with different access levels.
In summary, symmetric encryption uses a shared secret key (e.g., a 128-bit data string) both to encrypt (forming ciphertext) and to decrypt (recovering plaintext) messages passed between, for example, a client (sender/receiver) and a server (sender/receiver), where both the client and the server know the secret key. Encryption and decryption may be performed with any suitable algorithm, such as the data encryption standard (DES), whose 56-bit key is no longer considered adequate, or a modern block cipher, so that messages are in encrypted form while in transit through a public network such as the Internet. A vulnerability of symmetric encryption, however, results from the key distribution mechanism: the secret key, in some form, must traverse the transmission medium between the client and the server, and an eavesdropper who captures it can read and forge every message protected by it.
Asymmetric encryption uses a public/private key pair: a message encrypted with the public key can be decrypted only with the matching private key, so a sender encrypts with the receiver's public key and the receiver decrypts with its private key. (The reverse operation, applying the private key to data that anyone can then check with the public key, is a digital signature rather than a confidentiality mechanism.) Because anyone can publish a public key, the party receiving a public key must verify that its sender is the rightful owner of that key; this authentication is typically done through a digital certificate. A certificate, issued by a mutually trusted certificate authority such as VeriSign, binds the sender/server's public key to the sender/server's identity under the authority's own signature. The receiver checks that signature against the authority's key before encrypting anything with the certified public key, so that an attempt to pass off another party's public key, or a key with no valid certificate, is detected rather than resulting in a message an impostor can read. The digital certificate essentially binds a public key to an entity.
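To make the two mechanisms concrete, the following is an added example in Go using only the standard library; it is not code from the present application or from the '820 patent. It shows the shared-key (AES-GCM) step, a certificate authority that binds a server's RSA public key to a name, and a client that verifies the certificate against its trusted roots before wrapping a fresh session key with that public key, so the shared secret never crosses the wire in a form an eavesdropper can use. The CA names, the server name grid-controller.example and the sample command are constructed for illustration, and the certificate template is condensed into one shape for both the CA and the server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const serverName = "grid-controller.example" // hypothetical server identity

// aeadFor turns a shared 128-bit key into an AES-128-GCM cipher.
func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// symmetricSeal encrypts msg under the shared key and returns nonce||ciphertext||tag.
// Both ends must already hold key: that is the key-distribution problem.
func symmetricSeal(key, msg []byte) ([]byte, error) {
	gcm, err := aeadFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, msg, nil), nil
}

// symmetricOpen reverses symmetricSeal; a wrong key or altered bytes return an error.
func symmetricOpen(key, sealed []byte) ([]byte, error) {
	gcm, err := aeadFor(key)
	if err != nil || len(sealed) < gcm.NonceSize() { return nil, fmt.Errorf("bad key or ciphertext: %v", err) }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// issue generates an RSA key pair and a certificate for name. With parent nil it
// produces a self-signed CA (the mutually trusted authority of the text); otherwise
// the parent CA signs, binding the new public key to name.
func issue(name string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment, // condensed: one template for CA and leaf
	}
	if parent == nil { parent, parentKey = tmpl, key } // self-signed
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// clientWrapKey is the client's asymmetric step: verify that the certificate chains
// to a trusted root and names the expected server, then wrap a fresh session key with
// the certified public key (RSA-OAEP). An impostor's key is rejected before anything is sent.
func clientWrapKey(serverCert *x509.Certificate, roots *x509.CertPool) (session, wrapped []byte, err error) {
	if _, err = serverCert.Verify(x509.VerifyOptions{Roots: roots, DNSName: serverName}); err != nil {
		return nil, nil, fmt.Errorf("certificate rejected: %w", err)
	}
	pub, ok := serverCert.PublicKey.(*rsa.PublicKey)
	if !ok { return nil, nil, fmt.Errorf("unexpected key type %T", serverCert.PublicKey) }
	session = make([]byte, 16) // fresh 128-bit shared secret, generated client-side
	if _, err = rand.Read(session); err != nil { return nil, nil, err }
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
	return session, wrapped, err
}

// Exchange runs the full flow: the CA certifies the server's key, the client verifies
// the certificate and wraps a session key, the server unwraps it with its private key,
// and the client's first symmetric message is recovered on the server side.
func Exchange(msg []byte) ([]byte, error) {
	ca, caKey, err := issue("Trusted Root CA", nil, nil)
	if err != nil { return nil, err }
	serverCert, serverKey, err := issue(serverName, ca, caKey)
	if err != nil { return nil, err }
	roots := x509.NewCertPool() // the client's trust store holds only the CA
	roots.AddCert(ca)
	session, wrapped, err := clientWrapKey(serverCert, roots) // client side
	if err != nil { return nil, err }
	serverSession, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, wrapped, nil) // server side
	if err != nil { return nil, err }
	sealed, err := symmetricSeal(session, msg)
	if err != nil { return nil, err }
	return symmetricOpen(serverSession, sealed)
}

func main() {
	out, err := Exchange([]byte("open breaker 7")) // constructed sample command
	fmt.Println(string(out), err)
}
```

The check that matters is the order of operations in clientWrapKey: the certificate is verified (trusted root, expected name) before any session key is generated or wrapped, so a certificate from an unknown authority, or one naming a different server, produces an error and nothing leaves the client. On the symmetric side, the GCM authentication tag makes symmetricOpen fail on a wrong key or on any modified byte, which is the property a plain DES-style cipher in the text does not give.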
While providing a level of protection, the multiple level access system of the '820 patent includes no provisions for further security measures, such as randomizing port selection to thwart an eavesdropper who may monitor a known port or ports used for the encrypted message exchange. Once a port number is ascertained by an eavesdropper, a number of vulnerabilities exist. For example, the eavesdropper may identify the application running on the server behind that port and may further inject instructions, packets and code via the known port. An eavesdropper may also upload an operating system file to gain control over the server, an unacceptable scenario for critical systems such as the electrical power grid.